CVE-2020-2158 – org.jenkins-ci.plugins:literate

Package

Manager: maven
Name: org.jenkins-ci.plugins:literate
Vulnerable Version: >=0 <=1.0

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.01027 pctl0.76438

Details

Remote Code Execution vulnerability in Jenkins Literate Plugin Jenkins Literate Plugin 1.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.

Metadata

Created: 2022-05-24T17:10:30Z
Modified: 2023-01-05T21:05:44Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-c329-r874-xc7j/GHSA-c329-r874-xc7j.json
CWE IDs: ["CWE-502"]
Alternative ID: GHSA-c329-r874-xc7j
Finding: F096
Auto approve: 1